Cisco ASA 5585

prathameshdesai081 · ‎05-18-2019

Hi,

I have planning to implement secondary asa 5585 in HA so what I have configure in secondary device ???

balaji.bandi · ‎05-18-2019

here is good document to start with :

https://www.thegeekstuff.com/2011/09/cisco-asa-high-availability/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

prathameshdesai081 · ‎05-18-2019

Hi ,

I have read the article but in my senario my primary is failed and secondary become active so I have to replaced new one in current live setup without affecting the secondary-active configuration.so what is the best way to complete this task.

Marvin Rhoads · ‎05-18-2019

This has been answered several times over the years. ASA HA configuration has not changed significantly since, so the earlier threads remain valid:

https://community.cisco.com/t5/firewalls/replacement-of-primary-unit-failed-asa5510-active-standby/td-p/1765303 (2012)

https://community.cisco.com/t5/firewalls/replacing-primary-asa-in-h-a-pair/td-p/3369761 (2018)

Bottom line - you need only have the matching hardware and boot image (and any other files such as AnyConnect images) on the replacement unit. Give it a minimal failover config to match that on the failed unit and allow it to sync with the Secondary-Active. Then connect all the cabling and power it on. It should come up as Primary-Standby and synchronize running-config from the Secondary-Active unit. You may then (optionally) make it active with the command "failover active".